Remove unnecessary imports and add returns

Author: maikypedia

go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected

@@ -1,14 +1,14 @@
 edges
 | ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:18:18:18:32 | call to Query |
 | ImproperLdapAuth.go:18:18:18:32 | call to Query | ImproperLdapAuth.go:28:23:28:34 | bindPassword |
-| ImproperLdapAuth.go:80:18:80:19 | "" | ImproperLdapAuth.go:90:23:90:34 | bindPassword |
+| ImproperLdapAuth.go:87:18:87:19 | "" | ImproperLdapAuth.go:97:23:97:34 | bindPassword |
 nodes
 | ImproperLdapAuth.go:18:18:18:24 | selection of URL | semmle.label | selection of URL |
 | ImproperLdapAuth.go:18:18:18:32 | call to Query | semmle.label | call to Query |
 | ImproperLdapAuth.go:28:23:28:34 | bindPassword | semmle.label | bindPassword |
-| ImproperLdapAuth.go:80:18:80:19 | "" | semmle.label | "" |
-| ImproperLdapAuth.go:90:23:90:34 | bindPassword | semmle.label | bindPassword |
+| ImproperLdapAuth.go:87:18:87:19 | "" | semmle.label | "" |
+| ImproperLdapAuth.go:97:23:97:34 | bindPassword | semmle.label | bindPassword |
 subpaths
 #select
 | ImproperLdapAuth.go:28:23:28:34 | bindPassword | ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:28:23:28:34 | bindPassword | LDAP binding password depends on a $@. | ImproperLdapAuth.go:18:18:18:24 | selection of URL | user-provided value |
-| ImproperLdapAuth.go:90:23:90:34 | bindPassword | ImproperLdapAuth.go:80:18:80:19 | "" | ImproperLdapAuth.go:90:23:90:34 | bindPassword | LDAP binding password depends on a $@. | ImproperLdapAuth.go:80:18:80:19 | "" | user-provided value |
+| ImproperLdapAuth.go:97:23:97:34 | bindPassword | ImproperLdapAuth.go:87:18:87:19 | "" | ImproperLdapAuth.go:97:23:97:34 | bindPassword | LDAP binding password depends on a $@. | ImproperLdapAuth.go:87:18:87:19 | "" | user-provided value |

go/ql/test/experimental/CWE-287/ImproperLdapAuth.go

@@ -20,15 +20,16 @@ func bad(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 	// Connect to the LDAP server
 	l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", ldapServer, ldapPort))
 	if err != nil {
-		log.Fatalf("Failed to connect to LDAP server: %v", err)
+		return fmt.Errorf("Failed to connect to LDAP server: %v", err), err
 	}
 	defer l.Close()
 
 	// BAD: user input is not sanetized
 	err = l.Bind(bindDN, bindPassword)
 	if err != nil {
-		log.Fatalf("LDAP bind failed: %v", err)
+		return fmt.Errorf("LDAP bind failed: %v", err), err
 	}
+	return nil, nil
 }
 
 func good1(w http.ResponseWriter, req *http.Request) (interface{}, error) {
@@ -40,7 +41,7 @@ func good1(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 	// Connect to the LDAP server
 	l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", ldapServer, ldapPort))
 	if err != nil {
-		log.Fatalf("Failed to connect to LDAP server: %v", err)
+		return fmt.Errorf("Failed to connect to LDAP server: %v", err), err
 	}
 	defer l.Close()
 
@@ -50,6 +51,10 @@ func good1(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 	if !hasEmptyInput {
 		l.Bind(bindDN, bindPassword)
 	}
+	if err != nil {
+		return fmt.Errorf("LDAP bind failed: %v", err), err
+	}
+	return nil, nil
 }
 
 func good2(w http.ResponseWriter, req *http.Request) (interface{}, error) {
@@ -61,14 +66,16 @@ func good2(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 	// Connect to the LDAP server
 	l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", ldapServer, ldapPort))
 	if err != nil {
-		log.Fatalf("Failed to connect to LDAP server: %v", err)
+		return fmt.Errorf("Failed to connect to LDAP server: %v", err), err
 	}
 	defer l.Close()
 
 	// GOOD : bindPassword is not empty
 	if bindPassword != "" {
 		l.Bind(bindDN, bindPassword)
+		return nil, err
 	}
+	return nil, nil
 }
 
 func bad2(req *http.Request) {